EP1507384A1 - Verfahren zum Ausblenden einer Weiterverarbeitung von einer Zugriffsanforderung zu einem Server und entsprechende Vorrichtung - Google Patents

Verfahren zum Ausblenden einer Weiterverarbeitung von einer Zugriffsanforderung zu einem Server und entsprechende Vorrichtung Download PDF

Info

Publication number
EP1507384A1
EP1507384A1 EP04291974A EP04291974A EP1507384A1 EP 1507384 A1 EP1507384 A1 EP 1507384A1 EP 04291974 A EP04291974 A EP 04291974A EP 04291974 A EP04291974 A EP 04291974A EP 1507384 A1 EP1507384 A1 EP 1507384A1
Authority
EP
European Patent Office
Prior art keywords
address
server
access request
request message
client workstation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP04291974A
Other languages
English (en)
French (fr)
Other versions
EP1507384B1 (de
Inventor
Karel Mittig
Cédric Goutard
Pierre Agostini
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
France Telecom SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by France Telecom SA filed Critical France Telecom SA
Publication of EP1507384A1 publication Critical patent/EP1507384A1/de
Application granted granted Critical
Publication of EP1507384B1 publication Critical patent/EP1507384B1/de
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2521Translation architectures other than single NAT servers
    • H04L61/2528Translation at a proxy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2539Hiding addresses; Keeping addresses anonymous
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Definitions

  • the invention relates to a process for masking treatments applications for a request to access a server and the masking system corresponding.
  • the workstation When connecting a workstation to a server on the network IP, the workstation is identified, vis-à-vis the server, by an IP address, called customer address.
  • This client address is usually used to customize the content of the information proposed in response to the customer, to implement access control mechanisms through verification of access rights, to ensure metering and / or billing mechanisms.
  • the aforementioned services implement specific mechanisms whose purpose is to implement these services in a transparent way to the client workstation and / or the server. These mechanisms, allowing hide the presence and application processing generated by this service between a Client workstation and a server can be summarized below:
  • This traditional implementation of the service is done by configuring explicitly the client workstation, so that any requests for access to the server passes through an intermediate proxy server running the service.
  • the service is not transparent for the workstation client, neither for the server, because the client workstation transmits only its requests to the proxy server and the server only receives requests in from the only proxy server.
  • the server never knows the address Source IP of the client workstation.
  • requests from the client workstation are redirected transparently to the proxy server, which applies its application processing then transmits the request after processing to the server.
  • the server does not know the source IP address of the post client, requests and transactions originating, for the latter, from the same proxy server provider of the service.
  • the current technique also makes it possible to render a service transparent for servers is based on the implementation of a proxy server transparent vis-à-vis the client workstation, able to reuse the client IP source address when querying the server, transaction 2 figure 1a.
  • An architecture using multiple proxy servers chained services or load balancing mechanisms must therefore rely on a static sequencing of services based on the IP actor source of the client workstation and the server (hash-coding algorithms) to ensure that the IP data packets from the client workstation and of the server, for the same client workstation, pass well through the same Proxy service provider servers, between the outbound and return trip.
  • the object of the invention is to remedy the drawbacks and limitations of the current technique, when it uses the "IP spoofing" function.
  • the method of masking application treatments a request to access a server issued through a workstation client object of the invention applies when the client workstation is connected to this server via successive intermediary proxy servers the IP network. It is remarkable in that it consists at least, at the level of the first proxy server reached by this access request, to apply the application processing supported by this first proxy server to this access request, insert the address IP of the client workstation in one of the specific data fields of the header of the access request message, and at the level of the proxy servers successive, transmit successively, in the absence of a call from the function "IP spoofing ", the request for access to the following proxy server, keeping the address IP of the client workstation in the header of the access request message, for execute the application processing provided by each of the following proxy servers, and, following the successive execution of each application process and the transmission of this access request by the last of the proxy servers successive intermediaries to the server, at the level of a masking module interconnected in break with this server, intercept the request in break access, remove the specific field from the header of the
  • the method that is the subject of the present invention for transmitting a transparent response message from a server to a workstation client, when this server has received a hidden request message, is remarkable in that it consists, following the transmission of a message of specific response to the destination address, IP address of the workstation client, at the level of the masking module, to cut off the message specific response, extracting from the specific response message the address of destination, IP address of the client workstation, discriminate, from the address destination, the intermediate source IP address corresponding to the IP address of the last intermediate proxy server reached by the query, rebuild, from this specific response message, a reconstructed response message having as destination address this intermediate source IP address corresponding to the IP address of the last intermediate proxy server reached by the request message, transmit the module's reconstructed response message masking to the last intermediate proxy server, and at that level last intermediate proxy server and intermediate proxy servers successive executing the corresponding application processing and transmit successively the response message reconstructed to the previous server, and, following the successive execution of each application process by each Intermediate proxy servers at the first proxy server
  • the client workstation is denoted WSCL
  • the successive proxy servers are denoted SP x , where x is deemed to designate the rank of the successive proxy servers traversed by an access request to the server S, where x is between 1 and n for example.
  • the access request message is noted: - REQ [XF] [IP_S, IP_CL].
  • the method that is the subject of the invention consists of the first proxy server SP 1 , which must imperatively be transparent to the client, when this first proxy server is reached by the access request message, to be applied. in a step A application processing provided by the first intermediate proxy server SP 1 to the aforementioned access request.
  • step B it also consists of a step B to insert the IP address of the client work in one of the data fields specific to the header of the access request message.
  • the access request message is then: REQ [IP_CL] [IP_SP, IP_CL]
  • the request message is considered mentioned above after application of the application processing considered in step A then inserting the IP address of the client workstation in the data field specific to the header of the access request message constituted by way of example preferential non-limiting by the data field commonly referred to as "X-Forwarded-For" request messages sent by the client terminals in TCP / IP client / server transactions.
  • steps A and B of FIG. 2a implemented at the level of the first intermediate proxy server SP 1 can be inverted.
  • the method which is the subject of the invention is then continued at the level of the successive proxy servers denoted SP x x belonging to [2, n].
  • the proxy servers SP x , (x different from 1) may be transparent or not for the client.
  • step C it then consists of a step C to perform the successive transmission and of course the application processing provided by each of the proxy servers successive intermediate to the request message, the transmission being performed in the absence of a call to the "IP spoofing" function, keeping, of course, the IP address of the client workstation in the header of the request message.
  • FIG. 2a the successive transmission and, of course, the processing operations applied to the request message are illustrated by the modification of the request message which becomes REQ [IP_CL] [IP_SP x , IP_SP x-1 ]
  • step A and B are inverted, the application process application step A provided by the first proxy server SP 1 can then be directly integrated in step C for example, without departing from the method framework of masking object of the present invention.
  • step C of FIG. 2a that is to say when the request message has reached the last proxy server of rank n, SP n , and following the implementation of the conventional routing process and transmission of the request message by the successive intermediate proxy servers, according to the traditional routing process in the absence of calls of the "IP spoofing" function, the request message prepared for the transmission of the last proxy server SP is available n to the server S, this access request message being of the form: REQ [IP_CL] [IP_S, IP_SP n ]
  • IP_SP address n the destination IP address is none other than the IP_S server address and that the source IP address is that of the last proxy server that applied the last application processing.
  • the last aforementioned proxy server then transmits the aforementioned access request message to the server S.
  • Step D can then be followed by a step E of deleting the specific field of the header of the access request message, i.e. remove from the access request message the IP_CL address data of the client workstation.
  • This operation hides the treatments applications provided by successive intermediate proxy servers.
  • a storage of the IP address of the client workstation can be done to of further use of this address data, as will be described later in the description.
  • the access request message is of the form REQ [] [IP_S, IP_S n ].
  • Step E can then be followed by a step F consisting of reconstructing a masked access request message including as source IP address client workstation address, IP_CL, and destination IP address the IP address of the server, the IP_S address.
  • the modified access request message is of the form MREQ [] [IP_S, IP_CL].
  • Step F can then be followed by a step G of transmitting from the masking module MM the masked access request message aforementioned to the server S.
  • this allows the server S to process the message hidden query previously mentioned as if it came from directly from the client workstation because the source IP address of the message from modified query is none other than the IP_CL address of the latter.
  • step E for the implementation of step E represented in FIG. 2a consisting in deleting the specific field of the header of the request message, this implementation advantageously consists, as represented in FIG. 2b, storing the IP address of the client workstation in a step E1 from the specific field of the request message header and erasing in a step E 2 the IP address data of the workstation in the specific field of the header of the request message, ie in the field designated "X-Forwarded-For".
  • the method that is the subject of the present invention is not limited to the steps represented in FIGS. 2a and 2b.
  • the method that is the subject of the invention may consist in performing a storage of the address of the client job IP_CL contained in the "X-Forwarded-For" field, ie in fact the step E1 shown in FIG. 2b, as well as a storage of the source IP address contained in the request message after interception, that is to say the IP_SP address n of the last proxy server that applied the last application processing to the aforementioned request message.
  • the storage of the aforementioned two addresses IP_CL and IP_SP n can then make it possible to constitute a data structure, such as a list or a table or the like, making it possible to one-to-one correspondence between the two abovementioned addresses for later use as part of the transmission.
  • a response message transmitted from the server S to the client terminal as will be described later in the description.
  • the method which is the subject of the present invention also makes it possible to implementation of a process of masking the application processes executed by the various successive intermediate proxy servers during transmission a response message sent by the S server to the client workstation WSCL, to ensure the implementation of a transparency view on the client side.
  • the response messages transmitted by the servers on the IP network to any client workstation that has transmitted an access request to the latter do not include a specific intermediate header field, such as as the data field "X-Forwarded-For".
  • a specific intermediate header field such as as the data field "X-Forwarded-For”.
  • the server S Following reception of this modified request message, the server S transmits a specific response of the form REP [IP_CL, IP_S].
  • response message By specific response message, it is of course understood that the The aforementioned response message is specific to the conditions of access and information required by the access request message, such as the message of altered access request previously cited, regardless of the nature of the transmitted data and the empowerment and potential degrees of the user and from the client workstation to the accession to the databases of the S server considered.
  • the response message above essentially comprises an IP address destination formed by the IP_CL client IP address of the WSCL client workstation, and, of course, a source IP address which is none other than the IP_S address of the server S.
  • the method that is the subject of the present invention for the routing of a masked response message consists, following the transmission of the above-mentioned specific response message to the address of destination of the client workstation, at the level of an MM masking module at cut-off, in a step H, the specific response message REP [IP_CL, IP_S].
  • Step H is then followed by step I of extracting, from intercepted specific response message, the destination IP address, i.e. the IP_CL address of the client workstation.
  • Step I is itself followed by a step J of discriminating, from the destination IP address, the intermediate source IP address corresponding to the IP address of the last intermediate proxy server reached by the message of access request, that is to say the last intermediate proxy server IP_SP address n .
  • step D of FIG. 2a it is advantageous to use the data structure obtained in step D of FIG. 2a, thanks to the one-to-one mapping of the destination IP addresses IP_CL and the address of the last proxy server reached by the request message, IP_SP n .
  • Step J is then followed by a step K consisting in reconstructing from the specific response message a reconstructed response message comprising as destination address the intermediate source IP address corresponding to the IP address of the last intermediate proxy server. reached by the access request message, that is to say the IP_SP n .
  • the source IP address that is the IP_S address can be maintained.
  • the reconstructed response message is of the form RREP [IP_SP n , IP_S].
  • Step K can then be followed by a step L of transmitting the aforementioned reconstructed response message from the masking module MM to the last intermediate proxy server IP_FP n .
  • the method that is the subject of the present invention for routing a response message then consists, as represented in FIG. 2c, at the level of the last intermediate proxy server and the successive intermediate proxy servers SP x , x belonging to [n, 2], executing the corresponding application processing in a step M and successively transmitting the reconstructed response message to the preceding proxy server.
  • step M The set of operations executed in step M is represented by the reconstructed response message of the form RREP [IP_SP x-1 , IP_SP x ] with x belonging to [n, 2] and by the return loop illustrating the execution of each application processing, then the transmission at each preceding proxy server, of descending rank n to 2, in the opposite direction of progress of the server access request message.
  • step M at the level of the first proxy server SP 1 reached by the access request message to the server S, there is provided a reconstructed response message of the form RREP [IP_CL, IP_SP 1 ] that can be forwarded to the IP address destination IP address client WSCL.
  • step M is then followed, at the level of the first intermediate proxy server SP 1 reached by the access request message, with a step N of reconstructing a transparent response message obtained by replacing, in the reconstructed response message, the intermediate source IP address corresponding to that of the first proxy server reached by the access request message to the server S by the source IP address corresponding to that of the S server, the IP_S address.
  • the transparent response message is of the form TRREP [IP_CL, IP_S].
  • Step N can then be followed by a step O of transmitting the above-mentioned transparent response message, from the first proxy server SP 1 to the client workstation WSCL, to the destination IP address IP_CL.
  • This procedure thus makes it possible, thanks to the process which is the subject of the present invention for the routing of a response message, to the WCSL client work to process the aforementioned transparent response message as if the latter came directly from the server S.
  • step N consisting in reconstructing a transparent response message can advantageously consist, in a step N 1 , of calling in read the destination IP address of the access request message stored previously, during the transmission of this access request message at the level of the first proxy server SP 1 reached by the aforementioned access request message.
  • the storage of the destination IP address that is to say the address of the server S, IP_S, at the level of the first proxy server SP 1 , during the transmission of the request message access, does not require storage operation specific to the method object of the present invention implemented for the routing of a masked access request message.
  • Such a storage operation is performed systematically and automatically at the level of the proxy server SP 1 , because of the implementation of transparent mode routing operations for the client of the proxy server SP 1 , the call of the IP_S address stored can then be simply performed from the storage address of this data.
  • the step N 1 can then be followed by a step N 2 of writing the IP_S address called in place of the intermediate source IP address, that is to say the IP_SP address 1 of the message reconstructed response obtained at the end of step M and represented in FIG. 2c, thereby constituting the source IP address corresponding to that of the server S.
  • FIG. 2e The upper part of FIG. 2e represents the routing of a request, the application processes designated SERV 1 , SERV 2 and SERV n being applied to the transmission of the request at the level of the successive proxy servers SP 1 , SP 2 and SP n. .
  • the call of the "IP spoofing" function is performed at of the masking module MM step F, for the transmission to the server S.
  • the different proxy servers operate in transparent mode for the client with regard to the first proxy server SP 1
  • the different successive transparent proxy servers SP 2 to SP n can operate or not in transparent mode for the client, the absence of transparency, for the latter, corresponding to a proxy operating mode in which the source IP address, to ensure the transmission of one of the proxy servers to the following proxy server, corresponds actually to the IP address of the proxy server considered.
  • step C of FIG. 2a This procedure is illustrated in step C of FIG. 2a respectively in step M of Figure 2c.
  • the object MM masking module of the invention comprises at least a first cut-off interception channel of the access request message, this channel being denoted 1 in FIG. 3a.
  • the first interception channel in cutoff 1 can generate, from the access request, a hidden request message including an IP address source, that is, the address of the client workstation, and the address of the client destination the IP address of the server, IP_S address, as previously described in the description in conjunction with steps D, E, F, G of Figure 2a.
  • the masking module MM object of the invention furthermore comprises a second way of intercepting a response message specific transmitted by the server in response to the hidden request message supra.
  • the second lane is noted 2 in Figure 3. This second lane allows, from the specific response message, to generate a message of reconstructed response, as previously described in the description relative to the process which is the subject of the present invention and, in particular, steps H, I, J, K, L shown in Figure 2c.
  • the masking module which is the subject of the invention comprises a memory module 3 accessible in writing / reading by the first respectively by the second cutoff intercept path.
  • the storage module 3 allows at least, on interception of the access request, to store the IP address of the client workstation, from a specific field of the header of the access request message and the IP address of the last intermediate proxy server SP n : IP_SP n of this access request message.
  • the first cut-off intercepting channel 1 comprises at least cascaded an HTTP proxy module, noted 1 0 , receiving the access request message.
  • This HTTP proxy module 1 0 has resources for analyzing each received data packet constituting the access request message at the application process level, that is to say the last application processing implemented by the last proxy server SP n for example.
  • the HTTP proxy module 1 0 makes it possible to analyze the TCP IP connection parameters of the masking module MM to the last proxy server SP n concerned.
  • the cut-off intercept path 1 further comprises a module 1 1 for extracting and copying the IP address of the client workstation, that is to say the IP_CL address from the specific data field, the "X-Forwarded-For" field of the access request message header.
  • the copying module 11 also makes it possible to erase the specific data field in accordance with the steps E 1 and E 2 represented in FIG. 2b for example. It also makes it possible to ensure the storage of the IP_SP intermediate source IP address n corresponding to that of the proxy server last reached by the access request message, as described in step D of FIG. 2a for example.
  • the first channel 1 cut interception also then comprises a module 1 2 IP data packet generator.
  • the module 1 2 IP packet generator makes it possible to ensure the replacement of the intermediate source IP address, that is to say that of the proxy server recently reached by the access request message, the proxy server SP n , by the IP address contained in the specific data field of the header of the request message, that is to say by the IP address of the client workstation, the IP_CL address.
  • the first channel 1 for interrupt interception finally comprises a module 13 transmitting IP data packets.
  • the second channel 2 interception cut comprises a module 2 0 transparent HTTP proxy receiving the specific response message generated by the server S, a module 2 1 IP address recovery of the last intermediate proxy server reached by the access request message SP n and the application processing port provided by the last intermediate proxy server mentioned above.
  • module 2 1 is then followed by a module 2 2 generating IP data packets for implementing step K of FIG. 2c and establishing the corresponding reconstructed response message.
  • the module 2 2 is then followed by a module 23 for sending the aforementioned IP packets to the last proxy server reached by the access request message to the destination IP address IP_SP n of the proxy server SP n .
  • the module 2 2 IP packet generator makes it possible to replace the destination IP address, that is to say the address of the IP_CL client workstation, with that of the proxy server SP n .
  • the memory module 3 accessible in writing / reading plays the role of a correspondence database storing the IP address of the service, that is to say the application processing implemented by the last proxy server SPn associated with the IP address of the client workstation address IP_CL, in accordance with step D of FIG. 2a.
  • the abovementioned correspondence base makes it possible to ensure that application processing or service provided by the latest proxy server processing the data packets making up this access request message gets well the corresponding response from the server.
  • the aforementioned correspondence base also ensures the correlation between the TCP connection established between the last SPn proxy server and the module MM masks and between the TCP connection established between the hiding MM and the server S.
  • the interconnection between the masking module MM and the server S respectively the proxy server SP n is performed via a service interface denoted IF 0 respectively of a server interface denoted IF 1 .
  • the sequencing of the operating mode of the MM masking module object of the present invention is carried out through a microprocessor and a working memory not shown in the drawings.
  • the MM masking module can also be implemented in the form of a computer allowing the implementation a communication layer with a proxy server and servers at through the HTTP method and a mechanism for receiving requests from the proxy servers, replace the IP address of the proxy server content in these queries by those of the client work terminal, to transmit modified requests to the server concerned, to receive the answers in from these servers, to restore the IP address of the proxy servers concerned instead of the IP address of the receiving work stations and to transmit the modified responses to the considered proxy server.
  • the method of the present invention and the masking module corresponding can be implemented on all application protocols providing for their execution mode, inserting the IP address of the work terminal client at the application level.
  • the HTTP proxy servers allow you to perform the insertion in the headers of query messages they receive, the IP address of the client workstation to the origin of this access request.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
EP04291974.6A 2003-08-12 2004-08-02 Verfahren zum Ausblenden einer Weiterverarbeitung von einer Zugriffsanforderung zu einem Server und entsprechende Vorrichtung Expired - Lifetime EP1507384B1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0309872A FR2858896A1 (fr) 2003-08-12 2003-08-12 Procede de masquage des traitements applicatifs d'une requete d'acces a un serveur et systeme de masquage correspondant
FR0309872 2003-08-12

Publications (2)

Publication Number Publication Date
EP1507384A1 true EP1507384A1 (de) 2005-02-16
EP1507384B1 EP1507384B1 (de) 2015-06-10

Family

ID=33561169

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04291974.6A Expired - Lifetime EP1507384B1 (de) 2003-08-12 2004-08-02 Verfahren zum Ausblenden einer Weiterverarbeitung von einer Zugriffsanforderung zu einem Server und entsprechende Vorrichtung

Country Status (3)

Country Link
US (1) US7581014B2 (de)
EP (1) EP1507384B1 (de)
FR (1) FR2858896A1 (de)

Families Citing this family (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080200168A1 (en) * 2003-08-05 2008-08-21 John Yue Jun Jiang Method and system for seamless data roaming across multiple operator bearers
US7761569B2 (en) 2004-01-23 2010-07-20 Tiversa, Inc. Method for monitoring and providing information over a peer to peer network
US8156175B2 (en) 2004-01-23 2012-04-10 Tiversa Inc. System and method for searching for specific types of people or information on a peer-to-peer network
FR2887718A1 (fr) * 2005-09-30 2006-12-29 France Telecom Dispositif et procede pour realiser l'interface entre un equipement informatique et un serveur http
US8812667B1 (en) * 2005-12-21 2014-08-19 Trend Micro Incorporated CIFS proxies for scanning protection
US8037127B2 (en) * 2006-02-21 2011-10-11 Strangeloop Networks, Inc. In-line network device for storing application-layer data, processing instructions, and/or rule sets
US8332925B2 (en) 2006-08-08 2012-12-11 A10 Networks, Inc. System and method for distributed multi-processing security gateway
US8079077B2 (en) 2006-08-08 2011-12-13 A10 Networks, Inc. System and method for distributed multi-processing security gateway
BRPI0718582A8 (pt) 2006-11-07 2018-05-22 Tiversa Ip Inc Sistema e método para experiência aprimorada com uma rede ponto a ponto
CN105321108B (zh) * 2007-04-12 2019-10-18 克罗尔信息保证有限责任公司 一种用于在对等网络上创建共享信息列表的系统和方法
CN101790725B (zh) * 2007-06-11 2013-11-20 蒂弗萨公司 用于在对等网络上做广告的系统和方法
US8195806B2 (en) * 2007-07-16 2012-06-05 International Business Machines Corporation Managing remote host visibility in a proxy server environment
US8516080B2 (en) 2008-12-03 2013-08-20 Mobophiles, Inc. System and method for providing virtual web access
US8156159B2 (en) * 2009-02-11 2012-04-10 Verizon Patent And Licensing, Inc. Data masking and unmasking of sensitive data
US8804535B2 (en) * 2009-03-25 2014-08-12 Avaya Inc. System and method for sending packets using another device's network address
US9118618B2 (en) 2012-03-29 2015-08-25 A10 Networks, Inc. Hardware-based packet editor
US9596286B2 (en) 2012-05-25 2017-03-14 A10 Networks, Inc. Method to process HTTP header with hardware assistance
CN103533001B (zh) * 2012-07-05 2018-10-30 腾讯科技(深圳)有限公司 基于http多重代理的通信方法和系统、中间代理服务器
CN108027805B (zh) 2012-09-25 2021-12-21 A10网络股份有限公司 数据网络中的负载分发
US10021174B2 (en) 2012-09-25 2018-07-10 A10 Networks, Inc. Distributing service sessions
US10027761B2 (en) 2013-05-03 2018-07-17 A10 Networks, Inc. Facilitating a secure 3 party network session by a network device
US10298712B2 (en) * 2013-12-11 2019-05-21 Telefonaktiebolaget Lm Ericsson (Publ) Proxy interception
US10020979B1 (en) 2014-03-25 2018-07-10 A10 Networks, Inc. Allocating resources in multi-core computing environments
US9806943B2 (en) 2014-04-24 2017-10-31 A10 Networks, Inc. Enabling planned upgrade/downgrade of network devices without impacting network sessions
CN111629030B (zh) * 2020-04-24 2025-01-07 腾讯科技(深圳)有限公司 基于边缘计算平台的通信处理方法、装置、介质及设备
EP3923548B1 (de) 2020-06-11 2023-09-27 Aloha Mobile Ltd. Mehrschichtiges dezentralisiertes servernetzwerk
CN112929241B (zh) * 2021-03-26 2022-06-21 新华三信息安全技术有限公司 一种网络测试方法及装置
US11379614B1 (en) 2021-10-22 2022-07-05 Akoya LLC Systems and methods for managing tokens and filtering data to control data access
US11641357B1 (en) 2021-10-22 2023-05-02 Akoya LLC Systems and methods for managing tokens and filtering data to control data access
US11373000B1 (en) * 2021-10-22 2022-06-28 Akoya LLC Systems and methods for managing tokens and filtering data to control data access
US11379617B1 (en) 2021-10-22 2022-07-05 Akoya LLC Systems and methods for managing tokens and filtering data to control data access
US11496483B1 (en) 2021-10-22 2022-11-08 Akoya LLC Systems and methods for managing tokens and filtering data to control data access
US12335148B2 (en) * 2022-03-28 2025-06-17 Ebay Inc. Linked packet tracing for software load balancers
US20240129264A1 (en) * 2022-10-14 2024-04-18 Oracle International Corporation Managing digital message transmission via a proxy digital mailbox
US12452200B2 (en) 2022-10-14 2025-10-21 Oracle International Corporation Digital message management for a shared digital mailbox

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001071556A1 (en) * 2000-03-22 2001-09-27 British Telecommunications Public Limited Company Data access
US6988147B2 (en) * 2001-05-31 2006-01-17 Openwave Systems Inc. Method of establishing a secure tunnel through a proxy server between a user device and a secure server
US20030033541A1 (en) * 2001-08-07 2003-02-13 International Business Machines Corporation Method and apparatus for detecting improper intrusions from a network into information systems
US20040006615A1 (en) * 2002-07-02 2004-01-08 Sun Microsystems, Inc., A Delaware Corporation Method and apparatus for cerating proxy auto-configuration file
JP4309629B2 (ja) * 2002-09-13 2009-08-05 株式会社日立製作所 ネットワークシステム
JP3940356B2 (ja) * 2002-12-27 2007-07-04 日本アイ・ビー・エム株式会社 プロキシ・サーバ、アクセス制御方法、アクセス制御プログラム

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"Configuring Covalent Headers", COVALENT ENTERPRISE READY SERVER PRODUCT GUIDE, 1 July 2002 (2002-07-01), XP002273946, Retrieved from the Internet <URL:http://www.covalent.net/support/docs/ers/2.2.0/HTML/ProductGuide/proxymodule.html> [retrieved on 20040317] *
ABOBA B ET AL: "RFC 2607: Proxy chaining and policy implementation in roaming", RFC, June 1999 (1999-06-01), XP002138087 *
NORIFUSA M: "Internet security: difficulties and solutions", March 1998, INTERNATIONAL JOURNAL OF MEDICAL INFORMATICS, ELSEVIER SCIENTIFIC PUBLISHERS, SHANNON, IR, PAGE(S) 69-74, ISSN: 1386-5056, XP004149463 *

Also Published As

Publication number Publication date
US7581014B2 (en) 2009-08-25
FR2858896A1 (fr) 2005-02-18
US20050038898A1 (en) 2005-02-17
EP1507384B1 (de) 2015-06-10

Similar Documents

Publication Publication Date Title
EP1507384B1 (de) Verfahren zum Ausblenden einer Weiterverarbeitung von einer Zugriffsanforderung zu einem Server und entsprechende Vorrichtung
EP3087701B1 (de) Verfahren zur diagnose von dienstfunktionen in einem ip-netzwerk
EP0959602A1 (de) Anordnung für Nachrichtübertragung mit verbesserten Stationen und entsprechendes Verfahren
FR2923969A1 (fr) Procede de gestion de trames dans un reseau global de communication, produit programme d&#39;ordinateur, moyen de stockage et tete de tunnel correspondants
FR2737372A1 (fr) Dispositif et procede d&#39;interconnexion de reseaux, routeur ip comprenant un tel dispositif
EP1357724A1 (de) Datenfilterungsverwaltungsvorrichtung
EP2807815B1 (de) System und verfahren zur steuerung einer dns-anfrage
EP3216189A1 (de) Delegierung der vermittlung bei einem austausch verschlüsselter daten
EP1605631B1 (de) System und Verfahren zum Testen eines Routers
EP3818442B1 (de) Verwaltung der anwendung einer richtlinie in einer sdn-umgebung eines kommunikationsnetzes
EP2847939A1 (de) Datenübertragungssystem
EP1758338B1 (de) Sicheres Kommunikationsverfahren- und gerät zur Verarbeitung von SEND-Datenpaketen
EP3970352A1 (de) Verfahren und vorrichtung zur verarbeitung einer anforderung zur anonymisierung einer quell-ip-adresse, verfahren und vorrichtung zur anforderung einer anonymisierung einer quell-ip-adresse
EP3235217B1 (de) Verfahren zum datenaustausch zwischen webbrowsern sowie routingvorrichtung, endgerät, computerprogramm und speichermedium dafür
EP1849257A1 (de) Verfahren und ausrüstung zur steuerung des zugriffs auf multicast-datenpaketfolgen
EP4449678A1 (de) Mechanismen zur kommunikation mit einem über ein telekommunikationsnetz zugänglichen dienst unter berücksichtigung der mobilität von diensten, benutzern und ausrüstung
EP3811578B1 (de) Verfahren zur entdeckung von zwischenfunktionen und zur auswahl eines pfads zwischen zwei kommunikationsvorrichtungen
EP1471713B1 (de) Verfahren und System zur Steuerung des Zugriffs auf Internet-Sites mittels eines Cache-Servers
WO2020020911A1 (fr) Procede de traitement d&#39;un paquet de donnees, dispositif, equipement de commutation et programme d&#39;ordinateur associes
EP1370045B1 (de) Datenzugriffssystem zu den Daten in einem aktiven Netz
EP3123691A1 (de) Verfahren zur verarbeitung einer nachricht bei einer verbindungsvorrichtung
WO2001020870A1 (fr) Relais d&#39;acces transparent a un reseau serveur
FR2953957A1 (fr) Detection de nom de domaine genere par un reseau de machines malveillantes
WO2005086455A2 (fr) Procede, systeme et dispositif de temporisation d&#39;un flux de paquets de donnees
FR2824214A1 (fr) Serveur perfectionne de gestion de donnees entre un reseau et des terminaux d&#39;utilisateur, et dispositif et procede de traitement de donnees associes

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL HR LT LV MK

17P Request for examination filed

Effective date: 20050706

AKX Designation fees paid

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20110412

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ORANGE

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

INTG Intention to grant announced

Effective date: 20141217

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 731314

Country of ref document: AT

Kind code of ref document: T

Effective date: 20150715

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602004047333

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: FRENCH

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 731314

Country of ref document: AT

Kind code of ref document: T

Effective date: 20150610

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20150610

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150911

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150910

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RO

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150610

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20151012

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 602004047333

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

Ref country code: LU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150802

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150831

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150831

26N No opposition filed

Effective date: 20160311

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20150910

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20160429

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150802

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150910

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20160301

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150831

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20040802

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150831

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150610